from rest_framework import permissions


class IsOnerOrAdminReadOnly(permissions.BasePermission):
    """
    仅自己可进行修改
    管理员可查看
    说一下简单的理解
    has permission用于orderlist权限

    hasobject permission用于 对象级权限 但是首先要进行的是 haspermission

    """

    def has_permission(self, request, view):
        return True
        # 下面一行是登陆后可以看
        # return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        # 对 管理员或自己可查看
        if request.method in permissions.SAFE_METHODS:
            print(request.user.is_superuser or obj.user_id == request.user.id)
            return request.user.is_superuser or obj.user_id == request.user.id
        # 仅对自己可修改
        return obj.user == request.user
